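---
# Pre-commit / Terraform validation workflow.
#
# NOTE(review): every `uses:` below references a mutable tag, and
# terraform-docs/gh-actions is referenced by its `main` branch. Pin
# third-party actions to a full commit SHA
# (`owner/action@<commit-sha>  # vX.Y.Z`) so a retagged or compromised
# upstream cannot change what this workflow executes.
name: Pre-Commit

on:
  pull_request:
  push:
    branches:
      - develop
      - main

# Least privilege for GITHUB_TOKEN: the preCommitMaxVersion job pushes
# commits (contents) and opens a pull request (pull-requests); every other
# scope is left at none.
permissions:
  contents: write
  pull-requests: write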
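jobs:
  # Discover every directory that holds a providers.tf; the JSON list feeds
  # the matrix of preCommitMinVersions.
  getDirectories:
    name: Get root directories
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Install Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.8'
          architecture: 'x64'
      - name: Build matrix
        id: matrix
        # `::set-output` is deprecated; step outputs are written to $GITHUB_OUTPUT.
        # json.dumps emits a single line, so no multi-line delimiter is needed.
        run: |
          DIRS=$(python -c "import json; import glob; print(json.dumps([x.replace('/providers.tf', '') for x in glob.glob('./**/providers.tf', recursive=True)]))")
          echo "directories=$DIRS" >> "$GITHUB_OUTPUT"
    outputs:
      directories: ${{ steps.matrix.outputs.directories }}

  # One matrix leg per providers.tf directory, each installing the lowest
  # Terraform version the directory's constraints allow.
  preCommitMinVersions:
    name: Min validate
    needs: getDirectories
    runs-on: ubuntu-latest
    strategy:
      matrix:
        directory: ${{ fromJson(needs.getDirectories.outputs.directories) }}
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Install Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.8'
          architecture: 'x64'
      - name: Terraform min/max versions
        id: minMax
        uses: clowdhaus/terraform-min-max@v1.0.1
        with:
          directory: ${{ matrix.directory }}
      - name: Install Terraform v${{ steps.minMax.outputs.minVersion }}
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: ${{ steps.minMax.outputs.minVersion }}
      # NOTE(review): pre-commit is installed but no step in this job runs it,
      # so the job only proves that the minimum Terraform version installs.
      - name: Install pre-commit
        run: pip install pre-commit

  # Resolve the Terraform version range of the repository root; maxVersion
  # drives preCommitMaxVersion.
  getBaseVersion:
    name: Module max TF version
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Terraform min/max versions
        id: minMax
        uses: clowdhaus/terraform-min-max@v1.0.1
    outputs:
      minVersion: ${{ steps.minMax.outputs.minVersion }}
      maxVersion: ${{ steps.minMax.outputs.maxVersion }}

  # Run the full pre-commit suite on the highest supported Terraform version.
  # On `develop` the job also commits generated docs / hook fixes and opens a
  # pull request towards `main`.
  preCommitMaxVersion:
    name: Max pre-commit
    runs-on: ubuntu-latest
    needs: getBaseVersion
    strategy:
      fail-fast: false
      matrix:
        version:
          - ${{ needs.getBaseVersion.outputs.maxVersion }}
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Install Python
        uses: actions/setup-python@v2
        with:
          python-version: '3.8'
          architecture: 'x64'
      - name: Install Terraform v${{ matrix.version }}
        uses: hashicorp/setup-terraform@v1
        with:
          terraform_version: ${{ matrix.version }}
      # NOTE(review): pre-commit, checkov and tflint are installed unpinned
      # ("latest") with no checksum verification, so every run executes
      # whatever upstream published last. Pin the versions and verify the
      # tflint archive against its published checksum.
      - name: Install pre-commit dependencies
        run: |
          pip install pre-commit
          pip install checkov
          curl -L "$(curl -s https://api.github.com/repos/terraform-linters/tflint/releases/latest | grep -o -E "https://.+?_linux_amd64.zip")" > tflint.zip && unzip tflint.zip && rm tflint.zip && sudo mv tflint /usr/bin/
      # continue-on-error means hook findings (including checkov and tflint)
      # never fail the workflow; the resulting edits are committed below instead.
      - name: Execute pre-commit
        continue-on-error: true # To avoid pre-commit failure
        run: |
          pre-commit run --color=always --show-diff-on-failure --all-files
      # `::set-output` is deprecated; outputs go to $GITHUB_OUTPUT.
      # Nothing below reads steps.vars.outputs.branch_name — the `if:`
      # conditions use BRANCH_NAME from $GITHUB_ENV.
      - name: Get current branch name
        id: vars
        run: |
          echo "branch_name=${GITHUB_REF##*/}" >> "$GITHUB_OUTPUT"
      # On a pull_request GITHUB_REF is refs/pull/N/merge, so the head branch
      # comes from GITHUB_HEAD_REF instead.
      - name: "Get branch name and save to env"
        env:
          IS_PR: ${{ github.event_name == 'pull_request' }}
        run: |
          if [ "${IS_PR}" = "true" ]; then
            BRANCH_NAME="${GITHUB_HEAD_REF}"
          else
            BRANCH_NAME="${GITHUB_REF##*/}"
          fi
          echo "BRANCH_NAME=${BRANCH_NAME}" >> "$GITHUB_ENV"
      # Re-checkout on the PR head branch so later pushes land on a branch
      # rather than the detached merge commit (on push events `ref` is empty
      # and the default ref is used).
      # NOTE(review): actions/checkout cleans and resets the workspace by
      # default, which appears to discard the edits pre-commit made above —
      # confirm the "Commit pre-commit modified files" step actually sees
      # them. For a pull_request from a fork, head.ref does not exist in this
      # repository and this checkout is likely to fail.
      - uses: actions/checkout@v2
        with:
          ref: ${{ github.event.pull_request.head.ref }}
      # `if: ${{ env.BRANCH_NAME }} == 'develop'` expanded to the string
      # "<branch> == 'develop'", which is non-empty and therefore always
      # truthy, so these three steps ran on every branch. A bare expression
      # is evaluated as a real comparison.
      - name: Render terraform docs and commit changes
        if: env.BRANCH_NAME == 'develop'
        uses: terraform-docs/gh-actions@main
        with:
          working-dir: .
          output-file: README.md
          output-method: inject
          git-push: "true"
      - name: Commit pre-commit modified files
        if: env.BRANCH_NAME == 'develop'
        run: |
          git config --local user.email "terraform+github-actions[bot]@users.noreply.github.com"
          git config --local user.name "github-actions[bot]"
          # Plain push: a force-push would silently overwrite anything pushed
          # to develop while this job was running.
          git diff-index --quiet HEAD || (git add -A && git commit -m'[bot] update files' --allow-empty && git push)
      - uses: actions/checkout@v2
      - name: Create PR
        if: env.BRANCH_NAME == 'develop'
        continue-on-error: true
        uses: repo-sync/pull-request@v2
        with:
          source_branch: "develop"
          destination_branch: "main"
          pr_title: "Pulling ${{ github.ref }} into main"
          pr_body: ":crown: *Automated PR*"
          pr_label: "auto-pr"
          pr_allow_empty: false
          github_token: ${{ secrets.GITHUB_TOKEN }}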